Wednesday, May 31, 2017

Department of Defense data discovered on unprotected Amazon server

Sensitive government information from an American defense contractor was recently found on an unsecured Amazon server. It was free for anyone to access — no password required. The information was housed in a publicly-accessible S3 cloud storage “bucket.” Data found in the bucket points to Booz Allen Hamilton (BAH), an intelligence and defense consulting firm. BAH has an $86 million contract from the National Geospatial-Intelligence Agency (NGA), an agency working under the Department of Defense. The breach was discovered last week by Chris Vickery, a Cyber Risk Analyst for cyber resilience firm UpGuard. Vickery immediately emailed BAH, and then the NGA, to…